It’s widely understood that virtualization and the cloud are critical technologies that agencies must acquire if government is to successfully move its systems forward. Ambassador Robert Gelbard, former U.S. State Department career diplomat, stated, “Every agency within the U.S. Government fully understands the need to rapidly deploy virtualization technologies and strategies to enhance the ability to respond to market forces while continuing to reduce costs.” Regardless of recommendations such as Gelbard’s, large numbers of agencies and CIOs still balk at making the final move to the cloud, with one survey reporting that over 50 percent of IT managers are resistant to moving sensitive data to the public cloud. So, what’s the key to bridging the gap between what’s necessary and the reluctance to make the leap? Simply put: encryption.
When implemented correctly, encryption allows data to remain agile and secure by giving agency leaders the power over encryption keys. The legacy fear that encryption is anything but agile has meant that virtualization projects have moved forward without it. In fact, a HyTrust survey found that 28 percent of organizations did not have encryption in place for cloud workloads. Encryption, however, is critical not only to securing today’s active cloud deployments, but also to convincing slow adopters of the value and safety of moving to the cloud.
Not Your Grandfather’s Encryption
Often seen as cumbersome, expensive and available only to technical users, encryption has gotten a bad reputation as a security solution. Today’s encryption technology, however, is purpose-built to work with and maintain the agility of virtual and cloud solutions. Moreover, many cloud and virtualization vendors are beginning to make built-in encryption available. The bottom line is that, with the diversity of encryption implementations now available, even the most security-conscious agencies can transition their IT services to the cloud without the fear of compromising data integrity.
Still, when it comes to acquiring encryption solutions, agency leaders should seek solutions that enable encryption best practices in the areas of control, scalability and compliance.
Encryption solutions that include a key-management system enable agencies to retain complete control of and continual access to their data. Such a system also removes the risk of losing keys – and consequently access – to data that’s locked in the cloud. Keys can be secured and accessed by a team, ensuring that there is no single key holder. This arrangement strengthens an organization’s security posture against insider threats and enables better disaster response and recovery.
Passwords are practical security solutions for single-device protection, but they do not scale up to the demands of managing tens, hundreds and thousands of devices. Today’s IT teams need a layered security and sign-on system to protect the complex and varied endpoints that access agency networks and data.
Agencies are faced with meeting various compliance standards such as PCI, HIPAA, OMB Mandate 06-16 and the Data Privacy Act. Ensuring compliance, however, should not slow down the pace of business, nor should costs necessarily rise to meet the demands. By using an encryption approach in the cloud, agencies can maintain both the agility of their virtual systems and low operational overhead with no effect on performance.
With solid, enterprise-grade encryption that meets compliance standards and a key-management system that scales to meet needs, security can become an enabler for virtualized solution adoption in the public sector. Agencies can virtualize mission-critical applications and data with confidence and can finally make the move to the public cloud.
Click here to learn more about cloud encryption and data control for the architectures your agency already has in place.